Web Attack: WebSpeed Admin Utility Access

Severity: High

This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.

Description

This signature detects HTTP requests that attempt to exploit an unauthorized access vulnerability in the Web-based Progress WebSpeed configuration utilities.

Additional Information

Progress WebSpeed is an Internet Transaction Processing (ITP) Web application that allows for database connectivity and transaction management.

The WebSpeed WSISA Messenger Administration Utility is remotely accessible from any Web browser. This utility displays sensitive Web server statistics and grants capabilities to administer certain functions of the Web server, and can be accessed without any authentication requirements whatsoever.

The WebSpeed WSISA Messenger Administration Utility cannot be disabled through the program itself, even though it gives you an option to do so through the Java GUI interface.

Affected

  • Progress WebSpeed 3.0

Response

Progress has released patches that correct this issue and may be downloaded at the location below:

Progress Software

Progress also recommends disabling the WSISA Messenger Administration Utility after the WebSpeed applications have gone into production. The following instructions have been taken from the Progress knowledge base:

For security reasons, many web administrators do not allow users to use the WSMAdmin command to access WebSpeed configuration information. In order to disable this, you have to uncheck the box next to 'Internal Administration Command - WSMAdmin' for each WebSpeed Messenger.

If after doing the above, you find that you can still access the WSMAdmin utility from a web browser, you need to take the following steps:

1. Stop the WebSpeed brokers
2. Close the Progress Explorer
3. Open the ubroker.properties file in notepad (or any other editor)

   Find the following entry under [Webspeed.Messengers]:
   AllowMsngrCmds=1
   Modify this line to: AllowMsngrCmds=0

4. Stop the Progress Admin Service - (Control Panel->Services)
5. Re-start the Progress Admin Service - (Control Panel->Services)
6. Connect to the Progress Admin Service from the Progress Explorer
7. Restart your web brokers

Messenger Internal Commands should now be disabled and you should not be able to access WSMAdmin from a web browser.
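
To confirm the setting after following the steps above, the check below reads the text of a ubroker.properties file and reports every messenger section where AllowMsngrCmds is still not 0. It is an added example, not code from Symantec or Progress. It assumes that per-messenger child sections named `[Webspeed.Messengers.<name>]` inherit from the parent section and that `#` starts a comment line; the child section names and `exampleKey` in the sample are constructed placeholders.

```python
import re

SECTION_RE = re.compile(r"^\[([^\]]+)\]\s*$")
PARENT = "webspeed.messengers"  # section name from the page, matched case-insensitively

# Constructed sample; child section names and exampleKey are placeholders.
SAMPLE = """\
[Webspeed.Messengers]
    AllowMsngrCmds=1

[Webspeed.Messengers.WSISA]
    exampleKey=value

[Webspeed.Messengers.Example2]
    AllowMsngrCmds=0
"""

def audit_allow_msngr_cmds(text):
    """Return {section: effective value} for messenger sections where AllowMsngrCmds is not 0."""
    explicit, sections, current = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):  # assumption: '#' starts a comment line
            continue
        m = SECTION_RE.match(line)
        if m:
            name = m.group(1).strip()
            low = name.lower()
            # Track only the messenger parent section and its dotted children.
            current = name if low == PARENT or low.startswith(PARENT + ".") else None
            if current:
                sections.append(current)
        elif current and "=" in line:
            key, _, value = line.partition("=")
            if key.strip().lower() == "allowmsngrcmds":
                explicit[current.lower()] = value.strip()

    def effective(low):
        # Assumption: a child section without its own value inherits from its parent.
        while low not in explicit:
            if low == PARENT:
                return "unset"
            low = low.rsplit(".", 1)[0]
        return explicit[low]

    findings = {s: effective(s.lower()) for s in sections}
    return {s: v for s, v in findings.items() if v != "0"}

if __name__ == "__main__":
    for section, value in audit_allow_msngr_cmds(SAMPLE).items():
        print(f"[{section}] AllowMsngrCmds={value}: internal messenger commands not disabled")
```

A section reported as `unset` has no explicit value in the file or its parent; the page does not state the default, so set it to 0 explicitly.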